package com.itao.security.expression;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.expression.AbstractSecurityExpressionHandler;
import org.springframework.security.access.expression.SecurityExpressionOperations;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

public class OpcnetSecurityExpressionHandler extends AbstractSecurityExpressionHandler<Object> {
    protected final Logger logger = LoggerFactory.getLogger(getClass());

    private final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();

    public OpcnetSecurityExpressionOperations createSecurityExpressionRoot() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return (OpcnetSecurityExpressionOperations) createSecurityExpressionRoot(authentication, null);
    }
    
    public OpcnetSecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication) {
        return (OpcnetSecurityExpressionOperations) createSecurityExpressionRoot(authentication, null);
    }

    @Override
    protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, Object invocation) {
        OpcnetSecurityExpressionRoot root = new OpcnetSecurityExpressionRoot(authentication);
        root.setPermissionEvaluator(getPermissionEvaluator());
        root.setTrustResolver(trustResolver);
        root.setRoleHierarchy(getRoleHierarchy());
        return root;
    }

}
